MySpace.com Law Enforcement Investigators Guide
Last updated June 23, 2006

Mailing Address:
Custodian of Records
MySpace.com
407 N. Maple Drive
Beverly Hills, CA 90210

LEO Telephone Hotlines:
Phone: 310-969-7399
Fax: 310-969-7394

LEO E-mail Address: [email protected]

Table of Contents

Preface
A. Introduction
B. General Information About MySpace and Law Enforcement Requests
C. The Categories of Information MySpace Collects and Retains
D. Current MySpace Retention Periods
E. Requests to Preserve Records
F. Service of Process and Production of Records
G. Interpreting Information Produced by MySpace
H. User Consent
I. Emergency Disclosures
J. Sample Language for Requests
I. Websites and Resources

Preface

MySpace.com (“MySpace”) is committed to assisting law enforcement, to the extent permitted by law, in investigations involving the abuse of the MySpace service in connection with unlawful activity. This Law Enforcement Guide is designed to serve that purpose by providing information to facilitate law enforcement requests for user data held by MySpace. The Guide specifies what information is collected by MySpace, how long that information is retained, how to tailor requests to ensure MySpace produces the specific information sought, and the legal process necessary to permit MySpace to disclose different types of information. The Guide also addresses the most frequently asked questions from law enforcement about seeking information from MySpace. Finally, the Guide provides contact information for MySpace personnel dedicated specifically to responding to law enforcement requests, including emergency requests.

A. Introduction

The MySpace service empowers millions of users to communicate with a worldwide online network of friends. MySpace recognizes, however, that some users may abuse the MySpace service to engage in unlawful activity, and that MySpace also may hold information in some instances that would otherwise assist law enforcement (for example, in locating a child in danger). MySpace supports the vision of providing a safer and more secure environment for all MySpace users. Accordingly, MySpace is committed to a high level of cooperation with law enforcement to assist in investigating and identifying those involved in activity that undermines this vision.

MySpace firmly believes that educating law enforcement about the user information it retains, and MySpace’s ability to lawfully disclose such information to law enforcement will permit law enforcement to gain access to the information it needs to fulfill its mission more efficiently and effectively. Accordingly, MySpace created this Law Enforcement Guide, which attempts to provide transparency about MySpace’s ability to serve law enforcement’s needs.

Given the size and scope of the MySpace service, MySpace receives voluminous requests for information, many of which are initiated by parties engaged in civil disputes. Because MySpace wishes to prioritize law enforcement requests, it has established dedicated lines of communication reserved solely for law enforcement requests. Furthermore, this Guide is intended solely for use by bona fide law enforcement agencies and may not be distributed to any other person or organization without the express written authorization of MySpace. MySpace will require verification that the person requesting this Guide is a bona fide law enforcement officer or acting on behalf of a law enforcement agency or prosecutor’s office.

This Guide is the property of MySpace and MySpace reserves the right to change any of the policies stated in this Guide at any time without notice. MySpace will make reasonable efforts to inform law enforcement of any significant changes in policies or procedures through updates to this Guide. The information in this Guide is not intended to create any enforceable rights against MySpace.

B. General Information About MySpace and Law Enforcement Requests

MySpace is a free online social networking service that allows users to create their own profile pages, which can include lists of their favorite musicians, books and movies, photos of themselves and friends, and links to pages within and outside the MySpace environment. The service also permits users to send and receive private messages with other MySpace users, and to restrict the disclosure of certain information (blogs, profile information) exclusively to their MySpace friends. There are also many third party features that can be used with a MySpace profile, but which are not controlled by MySpace.

MySpace does not charge its users to set up their profiles or establish an account. It does not require or accept credit card or other payments, and does not independently verify the identity of its users. Therefore, it is possible for a user to establish a false identity or name. Users also have the ability to retain or delete certain information stored in their accounts. For these reasons, MySpace’s ability to produce information sought by law enforcement will in many cases be determined partially by the actions taken by the user.

MySpace is committed to assisting with law enforcement investigations to the fullest extent, consistent with applicable law. The primary set of laws governing MySpace’s ability to disclose user information is found in the Electronic Communications Privacy Act, 18 U.S.C. § 2701, et seq. (“ECPA”). Because MySpace functions as both an “electronic communications” and “remote computing” service as defined under ECPA, ECPA mandates that MySpace disclose certain user information only in response to specific types of government process, including subpoenas, court orders, and search warrants.

Generally speaking, ECPA permits the disclosure of basic user identity, log-in information, and stored files in response to a subpoena, but requires a court order under § 2703(d) to disclose additional user records, or search warrant to authorize disclosure of private user messages. The rules may differ also depending on whether law enforcement seeks stored, historical information, or to capture information prospectively. For example, if law enforcement seeks ongoing information about a user’s IP address each time they log-in to their account, the law would require a pen register/trap and trace order. Should you seek further clarification about ECPA’s restrictions on providers like MySpace, we suggest you contact the Department of Justice’s Computer Crime and Intellectual Property Section (CCIPS) at 202-514-1026.

In MySpace’s experience, most law enforcement requests seek information about the user identity, or specific materials in connection with a particular aspect of the MySpace service. Therefore, MySpace attempts in this Guide to provide sufficient information to permit law enforcement to serve narrowly tailored requests, issued under the appropriate criminal process, in order to facilitate MySpace’s ability to lawfully disclose the exact information sought in a timely manner.

Finally, MySpace receives a number of requests for information that is publicly available and can be obtained without the need for legal process or assistance from MySpace. MySpace profiles can be searched directly from the MySpace.com home page. MySpace also has extensive help pages that may assist law enforcement in determining if the information is publicly available, and may further assist law enforcement in understanding the particular features offered. The MySpace help pages can be found via a link at the top right hand corner of the MySpace.com home page.

C. The Categories of Information MySpace Collects and Retains

1. Public Information

MySpace users may choose whether to make their profile information publicly viewable and available, or to keep it private and limited only to the friends of their choosing. For public profiles, the publicly available information includes journal entries (unless the profile owner has elected to make the specific entry “private”), images, user comments, friend lists and public profile information such as first name, headline, music, movies, books and all other public sections on a MySpace profile. There is no need to issue legal process to MySpace to obtain this information. Rather, MySpace suggests that the law enforcement investigator make an electronic copy of the public components of the profile in question by saving the web page(s) and files on her computer. To do so, while viewing the profile in question, simply click your browser’s “File” menu tab (in the upper left-hand corner) then drop down to and click “Save As.” Make sure to do the same for all journal entries and the image gallery should you want records of those items.

2. Non-Public Information Generally

For private profiles, the information noted above will only be available to the user, her friends, and to MySpace, and will require legal process for MySpace to disclose. In addition to the user information publicly available in user profiles, MySpace also collects and stores certain information that, depending on the information at issue, may be available only to MySpace (IP logs), only to the user and MySpace (private messages), or only to the user, those friends the user has permitted to view the information, and MySpace (blogs or journals marked “private”). Some of the information is provided by the users themselves upon registration or when updating profiles. Other items are collected by the site automatically or involve private communications exchanged between MySpace users. Depending on the type of information sought, ECPA may require the use of a different form of legal process, the period MySpace retains the information may differ, and the user may have the ability to determine whether the information remains available.

The specific categories of non-public information available are identified below. For each, MySpace provides a general description of the available information to enable law enforcement to tailor requests to ensure the specific information is retrieved and able to be disclosed lawfully under ECPA. Please be mindful that MySpace has more than 80 million users with access to a variety of different features on the MySpace service. Accordingly, when drafting subpoenas, court orders, or search warrants, please be as specific as possible about the account at issue, and the nature of the information sought. Clearly worded requests will reduce confusion, enable MySpace to respond more quickly, and ensure that no issues arise under ECPA limiting MySpace’s ability to comply.

As a threshold matter, given the size of MySpace’s user population, it is critical and required that the ‘FriendID’ of the relevant account be included in the legal process. The FriendID can be located in the web address of the profile in question.

Example of FriendID for Tom’s profile:

http://www.myspace.com/index.cfm?fuseaction=user.viewProfile&friendID=6221&Mytoken=20050518161358

The above FriendID in this example is ‘6221’. This unique number allows us to locate the profile. If the profile appears as ‘MySpace.com/Tom’, click on the ‘View More Pics’ link. This will display the following link:

http://viewmorepics.myspace.com/index.cfm?fuseaction=user.viewPicture&friendID=6221&friendName=Tom&Mytoken=20050829192700

The FriendID can then be located in the URL.

3. Specific Categories of Non-Public Information

*TIP: Review MySpace Retention Periods Listed Below

a. Basic user identity information

When users create a MySpace profile, they can provide certain identity information to MySpace that is not made publicly available. Similarly, some basic identity information will be private if the user creates a private profile. Much of this information may be produced in response to a grand jury or administrative subpoena pursuant to 18 U.S.C. § 2703(c)(2). Please note that the information provided by the user may not necessarily be accurate. Users do not need to confirm their email address, nor is this information verified by MySpace. This information includes: Date profile created; First and last name provided by user; User ID; Email address provided by user; Zip code provided by user; City and Country; Account creation date and time; and the IP address at time of sign-up.

b. IP address logs (recorded at time of log-in)

MySpace’s system records the IP address assigned to the user at the time the user accesses his or her profile. MySpace’s IP logs show the IP address, and the date and time of the log-in (PST). MySpace may produce historic IP logs in response to a grand jury or administrative subpoena under 18 U.S.C. § 2703(c)(2). Please note that many IP addresses are provided temporarily by the user’s internet service provider. MySpace also has the ability to capture log-in IPs prospectively, and can do so upon receipt of a Pen Register/Trap and Trace Order under 18 U.S.C. § 3121.

c. Private user communications (messages in inbox or sent mail)

MySpace permits users to exchange private mail messages with other MySpace members. These communications are sent from and held for users on MySpace servers. ECPA generally restricts disclosure of private user communications less than 180 days old except in response to a search warrant. 18 U.S.C. § 2703(a).

d. Stored user files (photos, videos, blogs, classifieds)

MySpace has a number of features that allow users to upload and store data on MySpace. This data may take the form of private profile information such as photos or videos uploaded to their profile, private journals or blogs, the identities of their friends, classified advertisements, messages posted on the MySpace forums or in MySpace groups, and address book and calendar contents. Many of these items are maintained on publicly available areas of the MySpace site, and most of these items may be deleted or removed by the user who posted them. Under 18 U.S.C. § 2703(b)(2), MySpace may generally disclose private stored files in response to a subpoena or court order where the government provides prior notice to the subscriber (or delays notice under 18 U.S.C. § 2705).

e. Other general records or information

MySpace also collects certain information supplied by users that is not specifically covered as basic subscriber information under 18 U.S.C. § 2703(c)(2). Such information may be disclosed under ECPA pursuant to a court order under 18 U.S.C. § 2703(d). This information includes the user’s date of birth, gender, hometown, and occupation, as well as historical private message header information.

D. MySpace Retention Periods

Because MySpace has over 80 million users, all of whom have the ability to store information, MySpace does not have the ability to retain user information indefinitely. Accordingly, MySpace provides herein its current retention policies for the most commonly sought categories of information to permit law enforcement the ability to determine whether information will be available, and to issue written preservation requests where data might otherwise be deleted (see Section E below). Please note that all retention periods are estimated and may vary depending on system conditions and other circumstances.

1. Active Accounts

a. Basic user identity information, stored user files, and general records:

The basic identity information entered by a user in creating a profile, as well as data (blog entries, user profile information, etc.) and images contained in an account are maintained as long as the user has not removed or edited the content from the profile. Once a change is made by the user, the previously existing information is overwritten.

b. IP address logs

The IP Log for each FriendID is available for up to ninety days after the applicable login on the account. This data cannot be modified by the user once it is recorded.

c. Private user communications:

• Private inbox messages -- Private messages are retained until the user removes them (MySpace cannot recover deleted messages). MySpace does not maintain copies of messages marked for deletion by a user (other than for a period of time in the trash folder as noted below), and cannot recover deleted messages.

• Private sent messages -- 14 days

• Private messages in trash mail -- 30 days or less (if user does not empty trash). Trash mail consists of private messages users have designated for deletion. If the user does not empty their trash, the messages will be automatically purged periodically, and generally within 30 days or less. Note that users can empty their trash at any time after which the data is permanently lost.

2. Deleted Accounts

a. Basic user identity information, stored user files, and general records:

User identity and date in the user profile is generally available for up to ten days after account deletion. Other stored files, such as photos, may be lost at the time of account deletion.

b. IP address logs

User ID, IP Address and Login date stamps are retained for up to 90 days after account deletion.

c. Private user communications:

No mail (inbox or sent mail) is available for deleted accounts.

E. Requests to Preserve Records

MySpace will honor requests by law enforcement to preserve information in accordance with 18 U.S.C. § 2703(f). In response to such requests, MySpace will preserve the specific information identified in the request for 90 days, and for an additional 90 days if the law enforcement entity requests the original period be extended. Please fax a signed letter on law enforcement agency letterhead requesting that MySpace preserve the records to 310-969-7394. Please provide specific guidance as to the particular information that you seek to preserve, and limit your preservation request to information for which you intend to seek legal process. Attached in our form section is a sample letter for a preservation request that can be faxed to MySpace. MySpace can only preserve a currently active (non-deleted) account.

Please note that once information in an active account has been preserved, the following will occur unless other arrangements are made with MySpace and indicated in the request:

-The account will still be publicly viewable
-The user will no longer be able to log into her account

If restricting the user’s access to the profile will impede an investigation, you must specifically request in the letter that the user not be notified of the investigation if you do not want the subject account to be locked. In such cases, MySpace will output to a flat file the specific information for which preservation is sought that is available at the time the request is processed. Because the user will retain access to the account, please note that any interim changes to account information made between the time the flat file is created and the ultimate legal process is served may not be recorded.

F. Service of Process and Production of Records

In order to streamline the process for satisfying law enforcement requests, MySpace will accept service of all subpoenas, court orders, search warrants, emergency requests and user consents by fax (310-969-7394) or mail (at the address on the cover of this Guide). MySpace will also accept service and produce documents in response to out-of-state domestic subpoenas, court orders, and search warrants.

MySpace’s preferred method for producing information in response to legal process is to submit the information in an Excel spreadsheet sent via e-mail. MySpace will also provide a signed authentication letter for the production by PDF or Fax. Accordingly, where possible, please specify on the applicable subpoena, order or warrant (or cover letter) the email address to which results can be sent and where an authentication letter can be faxed (if you prefer to have the letter faxed).

The production of records in response to legal process generally will not result in the user’s account being terminated, nor foreclosing their access to the account (presuming a prior preservation request was not issued). Accordingly, the user will retain the ability in most cases to delete, modify and edit data associated with the account unless a preservation request, which locks the user from the account, is made, or MySpace exercises its right to terminate the account for a terms of service violation. If Law Enforcement desires for investigative purposes that MySpace not terminate the account, please let us know.

G. Interpreting Information Produced by MySpace

The explanations provided below are intended to assist law enforcement in deciphering the meaning of the information produced by MySpace, and respond to the most frequently asked questions about MySpace productions.

1. Email Address

Please note that an email address consists of two parts: A username and then the domain that hosts the email account.

Example: [email protected]

‘Abuse’ is the username and all information after the ‘@’ belongs to the domain (which in this case is MySpace.com). Therefore, you should contact MySpace.com to make inquiries about the username ‘Abuse’. If the email domain belongs to a different ISP (e.g., MSN, AOL, Yahoo, or Gmail), then information about that email address should be sought from that provider.

2. IP Address Logs

IP Logs include the IP address assigned to the user (by their ISP) at the time of login, and also include a date stamp showing when the login occurred. All IP logs provided by MySpace.com are Pacific Standard Time.

Example: 67.134.143.254 08/22/2005 3:15 PM PST

You can find out which Internet Service Provider the IP address belongs to by performing a “Whois” lookup on the IP address at any of the following sites:

http://whois.domaintools.com
http://www.networksolutions.com/cgi-bin/whois/whois

The IP Address in the example above (67.134.143.254) generated the following result:

Qwest Communications QWEST-BLKS-5 (NET-67-128-0-0-1) 67.128.0.0 - 67.135.255.255

This result means the IP address belongs to Qwest Communications. Qwest Communications could be contacted to provide the information about what individual or company was using that IP address at that date and time.
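The following Python sketch is an added example, not part of the MySpace guide: it converts produced IP log lines in the format shown above to UTC so they can be matched against an ISP's records, checks each address against the Whois netblock, and extracts the FriendID from a profile URL as described in Section C. The function names, the reading of "PST" as a fixed UTC-8 offset, and every sample line other than the guide's own example are assumptions.

```python
import ipaddress
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlparse

# The guide says all produced IP logs are Pacific Standard Time. Assumption:
# that is a fixed UTC-8 offset with no daylight-saving adjustment; confirm
# with the records custodian before relying on summer timestamps.
PST = timezone(timedelta(hours=-8), "PST")

_QUAD = r"\d{1,3}(?:\.\d{1,3}){3}"
_LOG_LINE = re.compile(
    rf"^\s*(?P<ip>{_QUAD})\s+(?P<date>\d{{1,2}}/\d{{1,2}}/\d{{4}})\s+"
    rf"(?P<time>\d{{1,2}}:\d{{2}})\s*(?P<ampm>[AP]M)\s+PST\s*$",
    re.IGNORECASE,
)
_RANGE = re.compile(rf"({_QUAD})\s*-\s*({_QUAD})")


def friend_id_from_url(url):
    """Return the numeric FriendID from a profile URL, or None (vanity URL)."""
    for key, values in parse_qs(urlparse(url).query).items():
        if key.lower() == "friendid" and values[0].isdigit():
            return int(values[0])
    return None


def parse_ip_log_line(line):
    """Parse '<ip> MM/DD/YYYY H:MM AM|PM PST' into IP, local and UTC times."""
    m = _LOG_LINE.match(line)
    if m is None:
        raise ValueError(f"unrecognised log line: {line!r}")
    ip = ipaddress.ip_address(m["ip"])  # rejects octets above 255
    stamp = f"{m['date']} {m['time']} {m['ampm'].upper()}"
    local = datetime.strptime(stamp, "%m/%d/%Y %I:%M %p").replace(tzinfo=PST)
    return {"ip": ip, "local": local, "utc": local.astimezone(timezone.utc)}


def whois_range(text):
    """Pull the 'first - last' address range out of a Whois result line."""
    m = _RANGE.search(text)
    if m is None:
        raise ValueError("no address range found in Whois text")
    first, last = ipaddress.ip_address(m[1]), ipaddress.ip_address(m[2])
    if first > last:
        raise ValueError("Whois range is reversed")
    return first, last


def normalize_log(lines, netblock):
    """Return (rows, rejected); each row notes whether the IP is in netblock."""
    rows, rejected = [], []
    for line in lines:
        try:
            rec = parse_ip_log_line(line)
        except ValueError as exc:
            rejected.append((line, str(exc)))  # keep bad lines for review
            continue
        rec["in_netblock"] = netblock[0] <= rec["ip"] <= netblock[1]
        rows.append(rec)
    return rows, rejected


# First line is the guide's own example; the rest are constructed samples.
SAMPLE_LOG = [
    "67.134.143.254 08/22/2005 3:15 PM PST",
    "67.134.143.254 12/31/2005 11:30 PM PST",  # UTC date rolls into 2006
    "10.0.0.5 01/02/2006 12:05 AM PST",        # outside the Whois range
    "999.1.1.1 01/02/2006 9:00 AM PST",        # invalid address
    "login at noon",                           # not a log line
]
# Whois result quoted in the guide.
WHOIS = ("Qwest Communications QWEST-BLKS-5 (NET-67-128-0-0-1) "
         "67.128.0.0 - 67.135.255.255")
# Profile URL quoted in the guide.
PROFILE_URL = ("http://www.myspace.com/index.cfm?fuseaction=user.viewProfile"
               "&friendID=6221&Mytoken=20050518161358")

if __name__ == "__main__":
    block = whois_range(WHOIS)
    rows, rejected = normalize_log(SAMPLE_LOG, block)
    print("FriendID:", friend_id_from_url(PROFILE_URL))
    print("Netblock:", list(ipaddress.summarize_address_range(*block)))
    for r in rows:
        print(r["ip"], r["local"].isoformat(), "->", r["utc"].isoformat(),
              "in netblock" if r["in_netblock"] else "NOT in netblock")
    for line, why in rejected:
        print("rejected:", repr(line), "-", why)
```

Quoting the UTC value alongside the original PST stamp in a request to the ISP avoids an eight-hour mismatch against dynamically assigned addresses.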

3. Private Messages

Private messages will be produced in Excel spreadsheet form, with two separate tabs on the bottom of the spreadsheet for messages. One tab is the ‘Sent From User’ messages (user’s sent mail) and the other is ‘To User’ (user’s inbox). The spreadsheet for private messages will have the following five headers:

ToUserid
FromUserid
Subject
Body
CreatedDate

ToUserid is the FriendID of the account the message is sent to.
FromUserid is the FriendID of the account the message is sent from.
Subject is the subject line of the message in question.
Body is the actual content of the message.
CreatedDate is the date stamp of the message.

Example:

ToUserid: 6221
FromUserid: 22234567
Subject: RE: Welcome to MySpace.com
Body:
    Thank you Tom for the welcome!
    ----------------- Original Message -----------------
    From: Tom
    Date: Apr 23, 2005 4:49 PM
    Hi, My name is Tom! Welcome to MySpace
CreatedDate: 4/23/2005 22:29

Please note the ‘----------------- Original Message -----------------’ in the body of the message and the ‘Re’ (“Regarding”) in the subject line show that the user in question is responding to an existing private message sent to him. The responding email shows who the original sender is, as well as the time and date sent.

H. User Consent

Because ECPA provides an exception for disclosures of information with the consent of the user, MySpace will disclose information based on user consent obtained by law enforcement where sufficient information is provided to verify that the person providing the consent is the actual owner of the profile, and where law enforcement endorses the authenticity of the consent. Accordingly, in addition to a description of the specific information sought, the user must provide the information called for in the sample Consent Form set out below. MySpace will be unable to release the information if the user is unable or unwilling to provide registration information that correlates to the information in MySpace user records.

I. Emergency Disclosures

Under 18 U.S.C. §§ 2702(b)(8) and 2702(c)(4), MySpace is permitted to disclose information, including user identity, log-in, private messages and other information voluntarily to a federal, state, or local governmental entity when MySpace believes in good faith that an emergency involving danger of death or serious physical injury to any person requires such disclosure without delay. MySpace will disclose records to assist law enforcement in the case of emergencies meeting ECPA’s threshold requirements. Accordingly, to assist MySpace in exercising its discretion, we request that law enforcement provide information in writing sufficient to show the existence of the emergency. If you find it useful, you may simply complete MySpace’s Emergency Disclosure Form (contained in Section J herein). Providing such information will ensure that true emergencies receive the swiftest response. The Emergency Disclosure request must be submitted by a law enforcement officer.

For emergency law enforcement requests, MySpace also reserves a special telephone hotline that MySpace will staff 24 hours a day/7 days a week. The emergency hotline is 310-969-7399. Please reserve this hotline for true emergencies to ensure that such cases are always afforded the highest priority.

J. Sample Language for Requests

This section provides sample language that can be used by law enforcement to complete the section of their legal process identifying the information they seek from MySpace.

1. Sample Subpoena Language for Basic User Identity Information and IP logs

Records concerning the identity of the user with the FriendID ###### consisting of name, postal code, country, e-mail address, date of account creation, IP address at account sign-up, and logs showing IP address and date stamps for account accesses

2. Sample Search Warrant Language for User Information Including Private User Communications

Records concerning the identity of the user with the FriendID ###### consisting of name, postal code, country, e-mail address, date of account creation, IP address at account sign-up, logs showing IP address and date stamps for account accesses, and the contents of private messages in the user’s inbox, sent mail and trash folders.

3. Sample Preservation Request Letter

(Must be on law enforcement department letterhead)

Custodian of Records
MySpace.com
407 N. Maple Drive
Beverly Hills, CA 90210

Re: Preservation Request

Dear Custodian of Records:

The below listed account/profile is the subject of an ongoing criminal investigation at this agency, and it is requested pursuant to 18 U.S.C. § 2703(f) that the following information associated with said account/profile be preserved pending the issuance of a search warrant or other legal process seeking disclosure of such information: [Specify information to be preserved].

I understand that MySpace.com will lock the profile/account in question, thereby rendering the account inaccessible to its owner. I also understand that certain data associated with the account, such as sent messages, are subject to automatic deletion.

Profile URL:
FriendID:

If you have any questions concerning this request please contact me at [insert email address and phone contact]

Thank you for your assistance in this matter.

Sincerely,
(Your Signature)
(Your Name Typed)
(Your Title Typed)

4. Sample Consent Form

(Must be on the investigating agency or department letterhead)

I, "XYZ", being duly sworn, on this [insert date] do hereby state the following:

I have one or more profiles on MySpace.com. The URLs / FriendIDs are:
______________________________________________________________________
______________________________________________________________________

I understand that the "ABC" agency is conducting an official criminal investigation and has requested that I grant my consent to authorize the "ABC" agency to access, request, receive, review, copy and otherwise utilize, as they deem appropriate, the following information from the above profiles: [specify information sought]

I hereby authorize MySpace.com to provide to any agent of the above referenced agency, the above-specified information associated with my identified MySpace.com profiles/accounts.

The following information should be used to verify my identity:

Email address for account: _________________
Password for account: _____________________
Date of birth for account: ___________________
Zip Code for account: ______________________

Pursuant to this Consent, I waive any claims against, indemnify and hold harmless MySpace.com, its affiliates, and their respective directors, officers, agents, and employees from and against any claims, damages or expenses relating to or arising from, in whole or in part, the disclosure of such information, records and data.

I have not been promised anything in exchange for providing this consent and authorization.

In witness whereof, the undersigned makes the above statements under penalty of perjury.

Member Signature and Printed Name
Date

Law Enforcement Witness Signature, Printed Name and Printed Title
Date

5. Sample Emergency Disclosure Form

(Must be on the investigating agency or department letterhead)

Emergency Disclosure Form

Please complete this form to assist MySpace in exercising its discretion to disclose information to you pursuant to 18 U.S.C. § 2702(b)(7) and § 2702(c).

1. What is the nature of the emergency involving death or serious physical injury?

2. Whose death or serious physical injury is threatened?

3. What specific information in MySpace’s possession related to the emergency do you need?

________________________
Signature of Officer

_________________________________
Printed Name of Law Enforcement Officer

J. Websites and Resources

www.myspace.com/misc/safetytips.html - MySpace.com’s Safety Tips section which includes a section dedicated to parents concerned about their child’s Internet use.

United States Department of Justice, Computer Crime and Intellectual Property Section, www.cybercrime.gov - DOJ guidance on authorities governing obtaining electronic evidence.

United States Department of Justice, Office of Justice Programs, National Institute of Justice, publishes an investigative guide for electronic crime. The information contained in Electronic Crime Scene Investigation-A Guide for First Responders (available free of charge and downloadable from the Department of Justice website (www.ncjrs.org/pdffiles1/nij/187736.pdf)) helps line officers perform their jobs.

www.cyberlawenforcement.org - WiredSafety’s law enforcement website.

www.ncmec.org - National Center for Missing and Exploited Children website.